Jun
25
2009

Jun.24, 2009: 2 new Cisco critical vulnerabilities

On June 24, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 2 new vulnerability advisories.

1) Cisco Physical Access Gateway Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability.

Vulnerable Products
Cisco Physical Access Gateway running software versions prior to 1.1 are vulnerable.

Details
The Cisco Physical Access Gateway is the primary means for the Cisco Physical Access Control solution to connect door hardware, such as locks and readers, to an IP network. Certain crafted TCP port 443 packets may cause a memory leak that could lead to a denial of service (DoS) condition in the Cisco Physical Access Gateway. A TCP three-way handshake is needed to exploit this vulnerability.

Impact
Successful exploitation of the vulnerability described in this document may result in a memory leak. The issue could be repeatedly exploited to cause an extended DoS condition. Connected door hardware, such as card readers, locks, and other input/output devices will function intermittently during extended DoS exploitation. Doors will remain open or locked depending on the gateway’s configuration.

Link: http://www.cisco.com/…/advisory09186a0080ad0f8b.shtml

 

2) Vulnerabilities in Cisco Video Surveillance Products
Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet.

Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

Vulnerable Products
The following products are vulnerable:

  • Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platform versions prior to 5.3
  • Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Integrated Services Platform versions prior to 5.3
  • Cisco Video Surveillance 2500 Series IP Camera firmware versions prior to 2.1

Details
Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms are vulnerable to a DoS condition. An attacker could exploit this vulnerability by sending a crafted packet to UDP port 37000, which could cause the crash of a critical process and result in a system reboot. This vulnerability is documented in Cisco Bug ID CSCsj47924 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-2045.

Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability. An authenticated user may be able to access a vulnerable camera and view any file through the embedded web server on TCP ports 80 (HTTP) and/or 443 (HTTPS), depending on the camera configuration. This vulnerability is documented in Cisco Bug IDs CSCsu05515 and CSCsr96497 (Wireless Cameras) and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-2046.

Impact
Successful exploitation of the Cisco Video Surveillance Stream Manager firmware vulnerability could cause a system reboot. Repeated exploitation may result in an extended DoS condition, which could prevent administrators from viewing video surveillance feeds.

Successful exploitation of the Cisco Video Surveillance 2500 Series IP Cameras vulnerability could allow an authenticated user to view any file on a vulnerable camera. This vulnerability could allow a non-privileged user to obtain privileged access.

Link: http://www.cisco.com/…/advisory09186a0080ad0f8f.shtml